dwaf
main
James 3 years ago
parent 71da702d2f
commit 6d9ce964bf

@ -263,7 +263,7 @@ PNATIVE_CODE_BLOCK JitEmitPostRipMov(PNATIVE_CODE_LINK Link, INT32 Delta)
return Block;
}
BOOL JitiEmitWrapperD(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
INLINE BOOL JitiEmitWrapperD(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
{
switch (OpType)
{
@ -272,7 +272,7 @@ BOOL JitiEmitWrapperD(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, UL
case JIT_BITWISE_OR: return JitEmitRipRelativeOrD(Block, RipDelta, Value);
}
}
BOOL JitiEmitWrapperW(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
INLINE BOOL JitiEmitWrapperW(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
{
switch (OpType)
{
@ -281,7 +281,7 @@ BOOL JitiEmitWrapperW(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, UL
case JIT_BITWISE_OR: return JitEmitRipRelativeOrW(Block, RipDelta, Value);
}
}
BOOL JitiEmitWrapperB(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
INLINE BOOL JitiEmitWrapperB(ULONG OpType, PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value)
{
switch (OpType)
{
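Review bot: The `switch (OpType)` in JitiEmitWrapperD and JitiEmitWrapperW closes right after `case JIT_BITWISE_OR:` and the function then ends with no return, so an OpType that matches no case falls off the end of a BOOL function, which is undefined behaviour in C++. Adding `INLINE` does not change that. Unless a default label sits in the part of the switch outside these hunks, add `default: return FALSE;` to each wrapper; JitiEmitWrapperB presumably has the same shape, but its body is cut off here. If INLINE expands to plain `inline` and the wrappers are declared in Jit.h for other translation units, the definitions would also have to move into the header, which is worth confirming.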

@ -9,6 +9,15 @@
#include "OpaqueBranching.h"
#include "Jit.h"
PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
{
PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!ExecBuffer)
return NULL;
RtlCopyMemory(ExecBuffer, Buffer, BufferSize);
}
UCHAR TestBuffer[] = {
0x48, 0x33, 0xC0,
0x48, 0x33, 0xC0,
@ -28,21 +37,44 @@ UCHAR TestBuffer[] = {
};
ULONG TestBufferSize = sizeof(TestBuffer);
UCHAR meme1[] = { 0x31, 0xc0 };
int main()
{
XedTablesInit();
/*srand(time(NULL));
srand(time(NULL));
NATIVE_CODE_BLOCK Block;
NcDisassemble(&Block, TestBuffer, TestBufferSize);
PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
NcDebugPrint(OpaqueBranch);
system("pause");*/
PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
ULONG AssembledSize;
PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
if (!AssembledBlock || !AssembledSize)
{
printf("Something failed nicka.\n");
system("pause");
return -1;
}
PUCHAR Tb = (PUCHAR)AssembledBlock;
for (uint32_t i = 0; i < AssembledSize; i++)
{
std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
}
//PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
//NcDebugPrint(OpaqueBranch);
system("pause");
NATIVE_CODE_LINK T;
/*NATIVE_CODE_LINK T;
T.RawDataSize = 10;
T.RawData = new UCHAR[10];
memset(T.RawData, 0xAA, 10);
@ -56,6 +88,6 @@ int main()
printf("\n");
NcPrintBlockCode(NewBlock);
}
system("pause");
system("pause");*/
}
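Review bot: MakeExecutableBuffer has no return on its success path, so callers get an indeterminate pointer after the copy; it needs `return ExecBuffer;`. The buffer is also allocated `PAGE_EXECUTE_READWRITE` and left that way, which keeps a writable and executable page in the process for its whole lifetime. Allocating read-write, copying, and then switching to `PAGE_EXECUTE_READ` with VirtualProtect keeps W^X intact and avoids tripping dynamic-code mitigation policies. A sketch of the function follows; the rest of main is not touched.

```cpp
PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
{
	// Writable first, executable only after the copy is done.
	PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_READWRITE);
	if (!ExecBuffer)
		return NULL;
	RtlCopyMemory(ExecBuffer, Buffer, BufferSize);
	DWORD OldProtect = 0;
	if (!VirtualProtect(ExecBuffer, BufferSize, PAGE_EXECUTE_READ, &OldProtect))
	{
		VirtualFree(ExecBuffer, 0, MEM_RELEASE);
		return NULL;
	}
	FlushInstructionCache(GetCurrentProcess(), ExecBuffer, BufferSize);
	return ExecBuffer;
}
// … unchanged: TestBuffer, meme1, main …
```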

@ -27,7 +27,7 @@ _NATIVE_CODE_LINK::_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds)
RawDataSize = Rds;
RawData = new UCHAR[Rds];
if (Rd)
memcpy(RawData, Rd, Rds);
RtlCopyMemory(RawData, Rd, Rds);
}
_NATIVE_CODE_LINK::~_NATIVE_CODE_LINK()
@ -343,6 +343,122 @@ PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block)
return NcDeepCopyPartialBlock(Block->Start, Block->End);
}
BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut)
{
INT32 Delta = 0;
//First checking backwards because I feel like thats the direction most jmps are in
for (PNATIVE_CODE_LINK T = Link; T; T = T->Prev)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
{
if (T->Label == Link->Label)
{
*DeltaOut = Delta;
return TRUE;
}
continue;
}
Delta -= T->RawDataSize;
}
//Now check forwards
Delta = 0;
for (PNATIVE_CODE_LINK T = Link->Next; T; T = T->Next)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
{
if (T->Label == Link->Label)
{
*DeltaOut = Delta;
return TRUE;
}
continue;
}
Delta += T->RawDataSize;
}
return FALSE;
}
BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
{
for (PNATIVE_CODE_LINK T = Block->Start; T != Block->End->Next;)
{
if (T->Flags & CODE_FLAG_IS_REL_JMP)
{
INT32 BranchDisp = 0;
if (!NcGetDeltaToLabel(T, &BranchDisp))
return FALSE;
ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction);
if (log2(abs(BranchDisp)) + 1 > DispWidth)
{
//duh oh
if (DispWidth == 32)
return FALSE;
//Grow displacement width to required size
DispWidth *= 2;
//Check again
if (log2(abs(BranchDisp)) + 1 > DispWidth)
{
if (DispWidth == 32)
return FALSE;
//Grow once more if not already at 32
DispWidth *= 2;
}
//Encode new instruction
XED_STATE MachineState;
MachineState.mmode = XED_MACHINE_MODE_LONG_64;
MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
XED_ENCODER_INSTRUCTION EncoderInstruction;
XED_ENCODER_REQUEST EncoderRequest;
UCHAR EncodeBuffer[15];
UINT ReturnedSize;
XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction);
//Do the encoding
XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth));
XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
return FALSE;
if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
return FALSE;
//fixup T->RawData
delete[] T->RawData;
T->RawDataSize = ReturnedSize;
T->RawData = new UCHAR[ReturnedSize];
RtlCopyMemory(T->RawData, EncodeBuffer, ReturnedSize);
//Decode instruction so its proper and all that
XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState);
if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize))
return FALSE;
//Go back to the start and loop through all labels again because now this instruction is larger :))))
T = Block->Start;
continue;
}
else
{
DispWidth = XedDecodedInstGetBranchDisplacementWidth(&T->XedInstruction);
switch (DispWidth)
{
case 1: *(PINT8)&T->RawData[T->RawDataSize - DispWidth] = (INT8)BranchDisp; break;
case 2: *(PINT16)&T->RawData[T->RawDataSize - DispWidth] = (INT16)BranchDisp; break;
case 4: *(PINT32)&T->RawData[T->RawDataSize - DispWidth] = (INT32)BranchDisp; break;
}
}
}
T = T->Next;
}
return TRUE;
}
BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
{
PUCHAR Buf = (PUCHAR)Buffer;
@ -363,7 +479,7 @@ BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
}
Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInstruction);
Link->RawData = new UCHAR[Link->RawDataSize];
memcpy(Link->RawData, (Buf + Offset), Link->RawDataSize);
RtlCopyMemory(Link->RawData, (Buf + Offset), Link->RawDataSize);
NcAppendToBlock(Block, Link);
@ -375,10 +491,29 @@ BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
return TRUE;
}
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block)
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block, PULONG OutSize)
{
//TODO: handle post assembly editing for Jit obfuscation types(maybe a vector of post assembly processing traits inside of NATIVE_CODE_LINK)
return NULL;
if (!NcFixRelJmps(Block))
return NULL;
*OutSize = NcCalcBlockSize(Block);
PUCHAR Buffer = (PUCHAR)malloc(*OutSize);
if (!Buffer)
return NULL;
PUCHAR BufferOffset = Buffer;
for (PNATIVE_CODE_LINK T = Block->Start; T != Block->End->Next; T = T->Next)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
continue;
RtlCopyMemory(BufferOffset, T->RawData, T->RawDataSize);
BufferOffset += T->RawDataSize;
}
return Buffer;
}
VOID NcDeleteBlock(PNATIVE_CODE_BLOCK Block)
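Review bot: The fit test in NcFixRelJmps, `log2(abs(BranchDisp)) + 1 > DispWidth`, accepts a forward displacement of exactly 128 as fitting in 8 bits (log2(128) + 1 is 8), and the else branch then stores it with `(INT8)BranchDisp`, which turns it into -128; the same happens at 32768 for a 16-bit field. The test also goes through floating point, and `abs(INT32_MIN)` is undefined. A signed range check states the intent directly and can replace both tests, e.g. `INT64 Lim = 1LL << (DispWidth - 1); if (BranchDisp < -Lim || BranchDisp >= Lim)`. Separately, the `switch (DispWidth)` in the else branch has no default, so an unexpected width silently leaves the old displacement bytes in place; returning FALSE there would surface it.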

@ -25,9 +25,9 @@ typedef struct _NATIVE_CODE_LINK
typedef struct _NATIVE_CODE_BLOCK
{
PNATIVE_CODE_LINK Start;
PNATIVE_CODE_LINK End;
STDVECTOR<ULONG> LabelIds;
PNATIVE_CODE_LINK Start;
PNATIVE_CODE_LINK End;
STDVECTOR<ULONG> LabelIds;
_NATIVE_CODE_BLOCK();
}NATIVE_CODE_BLOCK, *PNATIVE_CODE_BLOCK;
@ -63,9 +63,13 @@ PNATIVE_CODE_BLOCK NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_
PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block);
BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut);
BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block);
BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize);
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block);
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block, PULONG OutSize);
VOID NcDeleteBlock(PNATIVE_CODE_BLOCK Block);
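Review bot: The new `NcAssemble(PNATIVE_CODE_BLOCK Block, PULONG OutSize)` prototype has no comment stating its contract, while the implementation shown on this page returns a `malloc` buffer and writes `*OutSize` without a null check. I would document it at the declaration: `// Returns a malloc()-allocated copy of the block's bytes (caller releases it with free()), or NULL on failure; OutSize must be non-NULL and receives the byte count.` The test main in this commit never frees the returned buffer, which is the kind of misuse the comment would head off.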

@ -6,8 +6,7 @@ BOOL JitEmitRipRelativeMovD(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Dat
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
*(PINT32)&Link->RawData[2] = RipDelta;
memcpy(&Link->RawData[6], Data, 4);
printf("%p memes\n", Link);
RtlCopyMemory(&Link->RawData[6], Data, 4);
XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
NcAppendToBlock(Block, Link);
return TRUE;
@ -19,7 +18,7 @@ BOOL JitEmitRipRelativeMovW(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Dat
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
*(PINT32)&Link->RawData[3] = RipDelta;
memcpy(&Link->RawData[7], Data, 2);
RtlCopyMemory(&Link->RawData[7], Data, 2);
XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
NcAppendToBlock(Block, Link);
return TRUE;
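Review bot: JitEmitRipRelativeMovD and JitEmitRipRelativeMovW still ignore the result of `XedDecode` and return TRUE regardless, whereas NcFixRelJmps, added in this same commit, compares it against `XED_ERROR_NONE`. A link whose XedInstruction failed to decode would then be appended to the block and later queried for displacement width as if it were valid. Suggest `if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize)) { delete Link; return FALSE; }` before the NcAppendToBlock call. Both function bodies start outside these hunks, so any earlier setup of the decoder state is not visible here.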

@ -26,10 +26,12 @@ extern "C"
#define XedDecode xed_decode
#define XedDecodedInstZero xed_decoded_inst_zero
#define XedDecodedInstZeroSetMode xed_decoded_inst_zero_set_mode
#define XedDecodedInstSetMode xed_decoded_inst_set_mode
#define XedDecodedInstGetLength xed_decoded_inst_get_length
#define XedDecodedInstGetCategory xed_decoded_inst_get_category
#define XedDecodedInstGetBranchDisplacementWidth xed_decoded_inst_get_branch_displacement_width
#define XedDecodedInstGetBranchDisplacementWidthBits xed_decoded_inst_get_branch_displacement_width_bits
#define XedDecodedInstGetBranchDisplacement xed_decoded_inst_get_branch_displacement
#define XedDecodedInstInst xed_decoded_inst_inst
#define XedDecodedInstNumOperands xed_decoded_inst_noperands

@ -1,4 +1,4 @@
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/11/21 20:38:55
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/14/21 00:59:02
Assembly.asm Page 1 - 1
@ -6,7 +6,7 @@ Assembly.asm Page 1 - 1
END
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/11/21 20:38:55
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/14/21 00:59:02
Assembly.asm Symbols 2 - 1

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -87,9 +87,6 @@ PUBLIC ?__empty_global_delete@@YAXPEAX@Z ; __empty_global_delete
PUBLIC ?__empty_global_delete@@YAXPEAX_K@Z ; __empty_global_delete
PUBLIC ?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z ; __empty_global_delete
PUBLIC ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z ; __empty_global_delete
PUBLIC __local_stdio_printf_options
PUBLIC _vfprintf_l
PUBLIC printf
PUBLIC wmemcpy
PUBLIC ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ; std::_Maklocstr<wchar_t>
PUBLIC ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
@ -100,11 +97,9 @@ PUBLIC ?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ; JitEmitRipR
PUBLIC ?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ; JitEmitRipRelativeMovW
PUBLIC ?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ; JitEmitRipRelativeMovB
PUBLIC __JustMyCode_Default
PUBLIC ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA ; `__local_stdio_printf_options'::`2'::_OptionsStorage
PUBLIC ??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
PUBLIC ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA ; `std::_Maklocwcs'::`1'::__LINE__Var
PUBLIC ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
PUBLIC ??_C@_09MPIOMHBM@?$CFp?5memes?6@ ; `string'
PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string'
PUBLIC ??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@ ; `string'
EXTRN ??2@YAPEAX_K@Z:PROC ; operator new
@ -113,8 +108,6 @@ EXTRN memcpy:PROC
EXTRN __imp_wcslen:PROC
EXTRN strlen:PROC
EXTRN __imp__calloc_dbg:PROC
EXTRN __imp___acrt_iob_func:PROC
EXTRN __imp___stdio_common_vfprintf:PROC
EXTRN ?_Xbad_alloc@std@@YAXXZ:PROC ; std::_Xbad_alloc
EXTRN _Mbrtowc:PROC
EXTRN __imp_?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ:PROC
@ -134,10 +127,6 @@ EXTRN __GSHandlerCheck:PROC
EXTRN __GSHandlerCheck_EH4:PROC
EXTRN __security_check_cookie:PROC
EXTRN __security_cookie:QWORD
; COMDAT ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA
_BSS SEGMENT
?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA DQ 01H DUP (?) ; `__local_stdio_printf_options'::`2'::_OptionsStorage
_BSS ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?__empty_global_delete@@YAXPEAX@Z DD imagerel $LN3
@ -164,24 +153,6 @@ $pdata$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DD imagerel $LN3
pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$__local_stdio_printf_options DD imagerel $LN3
DD imagerel $LN3+59
DD imagerel $unwind$__local_stdio_printf_options
pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$_vfprintf_l DD imagerel $LN3
DD imagerel $LN3+126
DD imagerel $unwind$_vfprintf_l
pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$printf DD imagerel $LN3
DD imagerel $LN3+214
DD imagerel $unwind$printf
pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$wmemcpy DD imagerel $LN3
DD imagerel $LN3+106
DD imagerel $unwind$wmemcpy
@ -219,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD imagerel $LN6
DD imagerel $LN6+397
DD imagerel $LN6+381
DD imagerel $unwind$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
pdata ENDS
; COMDAT pdata
@ -270,10 +241,6 @@ CONST ENDS
CONST SEGMENT
??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string'
CONST ENDS
; COMDAT ??_C@_09MPIOMHBM@?$CFp?5memes?6@
CONST SEGMENT
??_C@_09MPIOMHBM@?$CFp?5memes?6@ DB '%p memes', 0aH, 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
CONST SEGMENT
??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ DB 'C:\Pro'
@ -543,49 +510,6 @@ $unwind$wmemcpy DD 025053401H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$printf DD 025054a19H
DD 011d2322H
DD 07016002bH
DD 05015H
DD imagerel __GSHandlerCheck
DD 0148H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
printf$rtcName$0 DB 05fH
DB 041H
DB 072H
DB 067H
DB 04cH
DB 069H
DB 073H
DB 074H
DB 00H
ORG $+7
printf$rtcVarDesc DD 048H
DD 08H
DQ FLAT:printf$rtcName$0
ORG $+48
printf$rtcFrameData DD 01H
DD 00H
DQ FLAT:printf$rtcVarDesc
CONST ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$_vfprintf_l DD 035053901H
DD 011d3322H
DD 07016001fH
DD 05015H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$__local_stdio_printf_options DD 025051e01H
DD 010a230fH
DD 07003001dH
DD 05002H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$ip2state$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DB 02H
DB 00H
DB 00H
@ -686,7 +610,7 @@ RipDelta$ = 376
Data$ = 384
?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z PROC ; JitEmitRipRelativeMovB, COMDAT
; 29 : {
; 28 : {
$LN6:
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
@ -712,7 +636,7 @@ $LN6:
00 00 lea rcx, OFFSET FLAT:__9DFA3906_RipMovInst@cpp
0004b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 30 : UCHAR RawData[] = { 0xC6, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00 };
; 29 : UCHAR RawData[] = { 0xC6, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00 };
00050 c6 45 04 c6 mov BYTE PTR RawData$[rbp], 198 ; 000000c6H
00054 c6 45 05 05 mov BYTE PTR RawData$[rbp+1], 5
@ -722,8 +646,8 @@ $LN6:
00064 c6 45 09 00 mov BYTE PTR RawData$[rbp+5], 0
00068 c6 45 0a 00 mov BYTE PTR RawData$[rbp+6], 0
; 31 :
; 32 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 30 :
; 31 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
0006c b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00071 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -735,7 +659,7 @@ $LN6:
00087 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 04 00 00 00 mov edx, 4
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -755,7 +679,7 @@ $LN4@JitEmitRip:
00 00 mov rax, QWORD PTR $T4[rbp]
000cb 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 33 : *(PINT32)&Link->RawData[2] = RipDelta;
; 32 : *(PINT32)&Link->RawData[2] = RipDelta;
000cf b8 01 00 00 00 mov eax, 1
000d4 48 6b c0 02 imul rax, rax, 2
@ -765,7 +689,7 @@ $LN4@JitEmitRip:
00 mov edx, DWORD PTR RipDelta$[rbp]
000e6 89 14 08 mov DWORD PTR [rax+rcx], edx
; 34 : Link->RawData[6] = *Data;
; 33 : Link->RawData[6] = *Data;
000e9 b8 01 00 00 00 mov eax, 1
000ee 48 6b c0 06 imul rax, rax, 6
@ -776,7 +700,7 @@ $LN4@JitEmitRip:
00101 0f b6 12 movzx edx, BYTE PTR [rdx]
00104 88 14 08 mov BYTE PTR [rax+rcx], dl
; 35 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
; 34 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00107 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
0010b 48 83 c0 30 add rax, 48 ; 00000030H
@ -787,18 +711,18 @@ $LN4@JitEmitRip:
0011f 48 8b c8 mov rcx, rax
00122 e8 00 00 00 00 call xed_decode
; 36 : NcAppendToBlock(Block, Link);
; 35 : NcAppendToBlock(Block, Link);
00127 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
0012b 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00132 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 37 : return TRUE;
; 36 : return TRUE;
00137 b8 01 00 00 00 mov eax, 1
; 38 : }
; 37 : }
0013c 8b f8 mov edi, eax
0013e 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
@ -889,7 +813,7 @@ RipDelta$ = 392
Data$ = 400
?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z PROC ; JitEmitRipRelativeMovW, COMDAT
; 17 : {
; 16 : {
$LN6:
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
@ -915,7 +839,7 @@ $LN6:
00 00 lea rcx, OFFSET FLAT:__9DFA3906_RipMovInst@cpp
0004b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 18 : UCHAR RawData[] = { 0x66, 0xC7, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
; 17 : UCHAR RawData[] = { 0x66, 0xC7, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
00050 c6 45 08 66 mov BYTE PTR RawData$[rbp], 102 ; 00000066H
00054 c6 45 09 c7 mov BYTE PTR RawData$[rbp+1], 199 ; 000000c7H
@ -927,8 +851,8 @@ $LN6:
0006c c6 45 0f 00 mov BYTE PTR RawData$[rbp+7], 0
00070 c6 45 10 00 mov BYTE PTR RawData$[rbp+8], 0
; 19 :
; 20 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 18 :
; 19 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
00074 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00079 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -940,7 +864,7 @@ $LN6:
0008f 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 04 00 00 00 mov edx, 4
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -960,7 +884,7 @@ $LN4@JitEmitRip:
00 00 mov rax, QWORD PTR $T4[rbp]
000d3 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 21 : *(PINT32)&Link->RawData[3] = RipDelta;
; 20 : *(PINT32)&Link->RawData[3] = RipDelta;
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 03 imul rax, rax, 3
@ -970,7 +894,7 @@ $LN4@JitEmitRip:
00 mov edx, DWORD PTR RipDelta$[rbp]
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
; 22 : memcpy(&Link->RawData[7], Data, 2);
; 21 : RtlCopyMemory(&Link->RawData[7], Data, 2);
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 07 imul rax, rax, 7
@ -983,7 +907,7 @@ $LN4@JitEmitRip:
0010f 48 8b c8 mov rcx, rax
00112 e8 00 00 00 00 call memcpy
; 23 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
; 22 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00117 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011b 48 83 c0 30 add rax, 48 ; 00000030H
@ -994,18 +918,18 @@ $LN4@JitEmitRip:
0012f 48 8b c8 mov rcx, rax
00132 e8 00 00 00 00 call xed_decode
; 24 : NcAppendToBlock(Block, Link);
; 23 : NcAppendToBlock(Block, Link);
00137 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013b 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00142 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 25 : return TRUE;
; 24 : return TRUE;
00147 b8 01 00 00 00 mov eax, 1
; 26 : }
; 25 : }
0014c 8b f8 mov edi, eax
0014e 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
@ -1136,7 +1060,7 @@ $LN6:
00074 c6 45 11 00 mov BYTE PTR RawData$[rbp+9], 0
; 6 :
; 7 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 7 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
00078 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
0007d e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -1148,7 +1072,7 @@ $LN6:
00093 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 04 00 00 00 mov edx, 4
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -1178,7 +1102,7 @@ $LN4@JitEmitRip:
00 mov edx, DWORD PTR RipDelta$[rbp]
000f2 89 14 08 mov DWORD PTR [rax+rcx], edx
; 9 : memcpy(&Link->RawData[6], Data, 4);
; 9 : RtlCopyMemory(&Link->RawData[6], Data, 4);
000f5 b8 01 00 00 00 mov eax, 1
000fa 48 6b c0 06 imul rax, rax, 6
@ -1191,52 +1115,45 @@ $LN4@JitEmitRip:
00113 48 8b c8 mov rcx, rax
00116 e8 00 00 00 00 call memcpy
; 10 : printf("%p memes\n", Link);
0011b 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0011f 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_09MPIOMHBM@?$CFp?5memes?6@
00126 e8 00 00 00 00 call printf
; 10 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
; 11 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0011b 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011f 48 83 c0 30 add rax, 48 ; 00000030H
00123 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00127 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0012b 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012f 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00133 48 8b c8 mov rcx, rax
00136 e8 00 00 00 00 call xed_decode
0012b 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0012f 48 83 c0 30 add rax, 48 ; 00000030H
00133 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00137 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0013b 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0013f 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00143 48 8b c8 mov rcx, rax
00146 e8 00 00 00 00 call xed_decode
; 11 : NcAppendToBlock(Block, Link);
; 12 : NcAppendToBlock(Block, Link);
0014b 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0014f 48 8b 8d 80 01
0013b 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013f 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00156 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00146 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 13 : return TRUE;
; 12 : return TRUE;
0015b b8 01 00 00 00 mov eax, 1
0014b b8 01 00 00 00 mov eax, 1
; 14 : }
; 13 : }
00160 8b f8 mov edi, eax
00162 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00166 48 8d 15 00 00
00150 8b f8 mov edi, eax
00152 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00156 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcFrameData
0016d e8 00 00 00 00 call _RTC_CheckStackVars
00172 8b c7 mov eax, edi
00174 48 8b 8d 50 01
0015d e8 00 00 00 00 call _RTC_CheckStackVars
00162 8b c7 mov eax, edi
00164 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0017b 48 33 cd xor rcx, rbp
0017e e8 00 00 00 00 call __security_check_cookie
00183 48 8d a5 68 01
0016b 48 33 cd xor rcx, rbp
0016e e8 00 00 00 00 call __security_check_cookie
00173 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0018a 5f pop rdi
0018b 5d pop rbp
0018c c3 ret 0
0017a 5f pop rdi
0017b 5d pop rbp
0017c c3 ret 0
?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ENDP ; JitEmitRipRelativeMovD
_TEXT ENDS
; COMDAT text$x
@ -2161,195 +2078,6 @@ $LN3:
wmemcpy ENDP
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI
; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\stdio.h
; COMDAT printf
_TEXT SEGMENT
_Result$ = 4
_ArgList$ = 40
tv77 = 280
tv75 = 288
__$ArrayPad$ = 296
_Format$ = 336
printf PROC ; COMDAT
; 956 : {
$LN3:
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
0000a 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
0000f 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9
00014 55 push rbp
00015 57 push rdi
00016 48 81 ec 58 01
00 00 sub rsp, 344 ; 00000158H
0001d 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00022 48 8b fc mov rdi, rsp
00025 b9 56 00 00 00 mov ecx, 86 ; 00000056H
0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
0002f f3 ab rep stosd
00031 48 8b 8c 24 78
01 00 00 mov rcx, QWORD PTR [rsp+376]
00039 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
00040 48 33 c5 xor rax, rbp
00043 48 89 85 28 01
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
0004a 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__6DFAE8B8_stdio@h
00051 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 957 : int _Result;
; 958 : va_list _ArgList;
; 959 : __crt_va_start(_ArgList, _Format);
00056 48 8d 85 58 01
00 00 lea rax, QWORD PTR _Format$[rbp+8]
0005d 48 89 45 28 mov QWORD PTR _ArgList$[rbp], rax
; 960 : _Result = _vfprintf_l(stdout, _Format, NULL, _ArgList);
00061 48 8b 45 28 mov rax, QWORD PTR _ArgList$[rbp]
00065 48 89 85 18 01
00 00 mov QWORD PTR tv77[rbp], rax
0006c b9 01 00 00 00 mov ecx, 1
00071 ff 15 00 00 00
00 call QWORD PTR __imp___acrt_iob_func
00077 48 89 85 20 01
00 00 mov QWORD PTR tv75[rbp], rax
0007e 4c 8b 8d 18 01
00 00 mov r9, QWORD PTR tv77[rbp]
00085 45 33 c0 xor r8d, r8d
00088 48 8b 95 50 01
00 00 mov rdx, QWORD PTR _Format$[rbp]
0008f 48 8b 8d 20 01
00 00 mov rcx, QWORD PTR tv75[rbp]
00096 e8 00 00 00 00 call _vfprintf_l
0009b 89 45 04 mov DWORD PTR _Result$[rbp], eax
; 961 : __crt_va_end(_ArgList);
0009e 48 c7 45 28 00
00 00 00 mov QWORD PTR _ArgList$[rbp], 0
; 962 : return _Result;
000a6 8b 45 04 mov eax, DWORD PTR _Result$[rbp]
; 963 : }
000a9 8b f8 mov edi, eax
000ab 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
000af 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:printf$rtcFrameData
000b6 e8 00 00 00 00 call _RTC_CheckStackVars
000bb 8b c7 mov eax, edi
000bd 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
000c4 48 33 cd xor rcx, rbp
000c7 e8 00 00 00 00 call __security_check_cookie
000cc 48 8d a5 38 01
00 00 lea rsp, QWORD PTR [rbp+312]
000d3 5f pop rdi
000d4 5d pop rbp
000d5 c3 ret 0
printf ENDP
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI
; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\stdio.h
; COMDAT _vfprintf_l
_TEXT SEGMENT
_Stream$ = 224
_Format$ = 232
_Locale$ = 240
_ArgList$ = 248
_vfprintf_l PROC ; COMDAT
; 644 : {
$LN3:
00000 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9
00005 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00014 55 push rbp
00015 57 push rdi
00016 48 81 ec f8 00
00 00 sub rsp, 248 ; 000000f8H
0001d 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
00022 48 8b fc mov rdi, rsp
00025 b9 3e 00 00 00 mov ecx, 62 ; 0000003eH
0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
0002f f3 ab rep stosd
00031 48 8b 8c 24 18
01 00 00 mov rcx, QWORD PTR [rsp+280]
00039 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__6DFAE8B8_stdio@h
00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 645 : return __stdio_common_vfprintf(_CRT_INTERNAL_LOCAL_PRINTF_OPTIONS, _Stream, _Format, _Locale, _ArgList);
00045 e8 00 00 00 00 call __local_stdio_printf_options
0004a 48 8b 8d f8 00
00 00 mov rcx, QWORD PTR _ArgList$[rbp]
00051 48 89 4c 24 20 mov QWORD PTR [rsp+32], rcx
00056 4c 8b 8d f0 00
00 00 mov r9, QWORD PTR _Locale$[rbp]
0005d 4c 8b 85 e8 00
00 00 mov r8, QWORD PTR _Format$[rbp]
00064 48 8b 95 e0 00
00 00 mov rdx, QWORD PTR _Stream$[rbp]
0006b 48 8b 08 mov rcx, QWORD PTR [rax]
0006e ff 15 00 00 00
00 call QWORD PTR __imp___stdio_common_vfprintf
; 646 : }
00074 48 8d a5 c8 00
00 00 lea rsp, QWORD PTR [rbp+200]
0007b 5f pop rdi
0007c 5d pop rbp
0007d c3 ret 0
_vfprintf_l ENDP
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI
; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\corecrt_stdio_config.h
; COMDAT __local_stdio_printf_options
_TEXT SEGMENT
__local_stdio_printf_options PROC ; COMDAT
; 90 : {
$LN3:
00000 40 55 push rbp
00002 57 push rdi
00003 48 81 ec e8 00
00 00 sub rsp, 232 ; 000000e8H
0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
0000f 48 8b fc mov rdi, rsp
00012 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
0001c f3 ab rep stosd
0001e 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__A2143F22_corecrt_stdio_config@h
00025 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 91 : static unsigned __int64 _OptionsStorage;
; 92 : return &_OptionsStorage;
0002a 48 8d 05 00 00
00 00 lea rax, OFFSET FLAT:?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA ; `__local_stdio_printf_options'::`2'::_OptionsStorage
; 93 : }
00031 48 8d a5 c8 00
00 00 lea rsp, QWORD PTR [rbp+200]
00038 5f pop rdi
00039 5d pop rbp
0003a c3 ret 0
__local_stdio_printf_options ENDP
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\RipMovInst.cpp
; COMDAT ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z
_TEXT SEGMENT

File diff suppressed because it is too large Load Diff

@ -647,7 +647,7 @@ $LN6:
00068 c6 45 0a 00 mov BYTE PTR RawData$[rbp+6], 0
; 30 :
; 31 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 31 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
0006c b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00071 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -659,7 +659,7 @@ $LN6:
00087 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 04 00 00 00 mov edx, 4
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -851,7 +851,7 @@ $LN6:
00070 c6 45 10 00 mov BYTE PTR RawData$[rbp+8], 0
; 18 :
; 19 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 19 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
00074 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00079 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -863,7 +863,7 @@ $LN6:
0008f 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 04 00 00 00 mov edx, 4
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -1056,7 +1056,7 @@ $LN6:
00074 c6 45 11 00 mov BYTE PTR RawData$[rbp+9], 0
; 6 :
; 7 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
; 7 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, sizeof(RawData));
00078 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
0007d e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -1068,7 +1068,7 @@ $LN6:
00093 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 04 00 00 00 mov edx, 4
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK

Binary file not shown.